BT
rss
DevOps Follow 1013 Followers

DevSecOps Grows Up and Finds Itself a Community

by Helen Beal Follow 5 Followers on  Jul 06, 2018

On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.

DevOps Follow 1013 Followers

Managing the Software Supply Chain with the "Grafeas" Metadata API and "Kritis" Deploy Authorization

by Daniel Bryant Follow 801 Followers on  May 06, 2018

In a recent Google Cloud Platform (GCP) blog series exploring container security, the GCP team has presented further details of Grafeas -- a common API and language to store, query and retrieve metadata about software components -- and Kritis -- a proposed framework that enables the use of metadata stored in Grafeas to build and enforce real-time deployment policies with Kubernetes.

DevOps Follow 1013 Followers

Chef Enhances Cloud Security Automation in InSpec 2.0

by Helen Beal Follow 5 Followers on  Feb 27, 2018

Continuous automation vendor, Chef, has announced the availability of InSpec 2.0, a new version of Chef’s free open source tool that enables DevOps and cross-functional application, infrastructure and security teams to express security and compliance rules as code and assess and remediate compliance issues through the entire software delivery life cycle.

Architecture & Design Follow 2535 Followers

Microservices and Security

by Jan Stenberg Follow 38 Followers on  Nov 15, 2016

When it comes to application security, we often include it as an afterthought. We have learnt how to add test into the development workflows, but with security we often assume someone else will come and fix it later on, Sam Newman claimed in his keynote at this year’s Microservices Conference in London.

Followers

Security in the Software Development Lifecycle

by Srini Penchikala Follow 40 Followers on  Feb 21, 2011

Application security must be integrated into software development process. Late stage penetration testing is not sufficient because it will be too late and too expensive to fix mistakes. Steve Lipner from Microsoft spoke during the application security seminar at RSA conference last week about security in the software development lifecycle.

Followers

US Government: Proposed Assessment and Authorization for Cloud Computing

by James Vastbinder Follow 0 Followers on  Nov 25, 2010

Two weeks back the US CIO's office released a 90 page proposal entitled, Proposed Security Assessment and Authorization for US Government Cloud Computing. The document is the result of 18 months of work among the NIST, GSA, ISIMC and the CIO Council to evaluate security controls and multiple Assessment and Authorization models for US Government Cloud Computing.

Followers

AppSec DC: Neal Ziring on Application Assurance

by Srini Penchikala Follow 40 Followers on  Nov 20, 2010

Neal Ziring said that the role for developers is changing where they have become the first line of defense for applications. Neal presented the keynote session at AppSec DC 2010 conference last week. He also talked about application assurance process with focus on aspects like resilience and visibility.

BT